页面
Commands And Labels
Maintainer-gated AI development pipeline for GitHub issues, discussions, labels, workflows, branches, and pull requests.
Commands And Labels
This page owns the public command surface and managed labels. Permission rules are documented in Security and Permissions.
Command Parsing
GitVibe only reads the first line of a comment. The supported prefix is:
/git-vibe@git-vibe is intentionally unsupported so commands do not look like GitHub
account mentions.
flowchart TD
A[New issue, discussion, or PR comment] --> B{First line starts with /git-vibe?}
B -->|no| Z[Ignore]
B -->|yes| C{Actor has write, maintain, or admin?}
C -->|no| D[Reject with 403]
C -->|yes| E{Command has dispatch rule?}
E -->|yes| F[Add rocket reaction if possible]
F --> G[Dispatch workflow with source-comment metadata]
E -->|no| H[Log no matching dispatch rule]Public Commands
| Command | Surface | Workflow | Notes |
|---|---|---|---|
/git-vibe investigate | Issue comment | investigate.yml | Bug investigation only |
/git-vibe materialize | Discussion comment | materialize.yml | Requires the Discussion to already have gvi:validated |
Accepted comment commands get a rocket reaction before dispatch. If the
reaction fails, GitVibe posts a queued workflow comment instead.
Public Trigger Labels
| Label | Surface | Effect |
|---|---|---|
git-vibe:investigate | Issue | Dispatches investigate.yml, removes stale blocked state, adds gvi:investigating, then removes the trigger label |
git-vibe:validate | Issue or Discussion | Dispatches validate.yml, removes the trigger label on issues, and posts a queued workflow comment |
git-vibe:approved | Issue | Trusted issue approval labels are accepted as a no-op because code-writing workflows are removed |
git-vibe:approved | Validated Discussion | Dispatches materialize.yml after gvi:validated exists |
git-vibe:review | Pull request | Dispatches review.yml, removes stale ready/blocked state, and marks the PR gvi:reviewing |
git-vibe:accept-risk | Issue, Discussion, or pull request with a blocked GitVibe result | Accepts prompt-injection input risk for one run, then GitVibe removes the label |
git-vibe:accept-risk is only for trusted maintainers handling a blocked
prompt-injection safety result. GitVibe binds the acceptance to the current
workflow run, accepted stage, artifact, and pull request head SHA when present.
The next security-review treats context before the label as accepted risk,
scans only context created or edited after the label, removes the label, and
lets downstream jobs run only if the delta is safe.
Internal Runtime Labels
| Label | Meaning |
|---|---|
gvi:needs-discussion | Feature issue should move to Discussion |
gvi:story | Implementation issue materialized from a Discussion |
gvi:investigating | Investigation is running |
gvi:investigated | Investigation completed |
gvi:ready-for-approval | GitVibe believes a pull request is ready for human approval |
gvi:validating | Issue or Discussion validation is running |
gvi:validated | Discussion validation completed and materialization is allowed |
gvi:blocked | GitVibe needs more information or cannot proceed safely |
gvi:reviewing | Pull request review matrix is running |
gvi:in-progress | Legacy deterministic write-work label |
gvi:pr-opened | Legacy label from removed code-writing automation |
gvi:pr-approved | Trusted reviewer approved a GitVibe PR |
gvi:pr-merged | GitVibe PR was merged while source issue still needs closure state |
gvi:review-fix | Internal issue review-fix continuation marker |
Maintainers should not add gvi: labels manually. GitVibe creates missing
managed labels on app startup or the first webhook seen for a repository.
Label Flow
flowchart TD
Bug[Bug issue] -->|git-vibe:investigate| Investigating[gvi:investigating]
Investigating -->|ready| Investigated[gvi:investigated]
Investigating -->|not ready| Blocked[gvi:blocked]
Discussion[Feature Discussion] -->|git-vibe:validate| Validating[gvi:validating]
Validating -->|ready| Validated[gvi:validated]
Validated -->|git-vibe:approved or /git-vibe materialize| Materialize[materialize.yml]
HumanPR[Existing pull request] -->|automatic-pr-review.yml or git-vibe:review| PRReviewing[PR gvi:reviewing]
ReviewLabel[PR git-vibe:review] -->|review.yml| PRReviewing
PRReviewing -->|review passed| PRReady[PR gvi:ready-for-approval]
PRReviewing -->|changes required| PRBlocked[PR gvi:blocked]
PRReady -->|trusted approval| PRApproved[gvi:pr-approved]Unauthorized Label Handling
sequenceDiagram
participant User
participant GitHub
participant App as GitVibe app
User->>GitHub: Add git-vibe:* or gvi:* label
GitHub->>App: labeled webhook
App->>GitHub: Check collaborator permission
alt untrusted actor
App->>GitHub: Remove label
App->>GitHub: Post audit comment
else trusted actor and valid trigger
App->>GitHub: Dispatch workflow or accept runtime label
endFor token permissions and trust boundaries, see Security and Permissions.